31b5dd4b9119afd13692f5a3d204b139fe78affae1d1ceb6ca426ea59d8a1df1

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 07:02

Target

Private Key/BCSAutogen.dll
Size

48KB
MD5

16e35e8821dc8d90348f274efa941792
SHA1

698599ee94bf4e4c271e989699e288bbd5fc31e3
SHA256

c37325c2ce7803f93033090a477df7a8588d5a1cdef6cc0cea44e299bf8da989
SHA512

879dd4c8cd4bdf4ffbbb6affd259ff47bf4077e6686808a91b10fc0fdb234139dc3ed69e40ce3ca31f0b0bb1d7ea940fd0b6c0317e0865883eb2283c50abfdc9
SSDEEP

768:OmA/lY8mNiYiVvpT/Ix7Y40DX/AdFepp83LSw2eAOswwbz64cROMi2jpv:mlYH6vdw0/AS+WeAOsfbz64g595

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	Process	procid_target
PID 2172 wrote to memory of 2208	2172	regsvr32.exe	31
PID 2172 wrote to memory of 2208	2172	regsvr32.exe	31
PID 2172 wrote to memory of 2208	2172	regsvr32.exe	31

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\Private Key\BCSAutogen.dll"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2172 -s 224
  2⤵
  PID:2208